import { Tabs, Steps, Callout } from "nextra/components";
import UniversalTabs from "../../components/UniversalTabs";

# Kubernetes Deployment via Glasskube

## Prerequisites

- A Kubernetes cluster currently set as the current context in `kubectl`
- `docker`, `openssl`, `kubectl` and [`glasskube`](https://glasskube.dev) installed

## What is Glasskube?

[Glasskube](https://glasskube.dev) is an alternative package manager for Kubernetes and part of the CNCF landscape. Glasskube is designed as a Cloud Native application and every installed package is represented by a Custom Resource.

<Callout type="info" emoji="🧊">

[`glasskube/glasskube`](https://github.com/glasskube/glasskube/) is in active development, with _good first issues_
available for new contributors.

</Callout>

## Quickstart

<Steps>
### Generate encryption keys

There are 4 encryption secrets required for Hatchet to run which can be generated via the following bash script (requires `docker` and `openssl`):

```sh filename=generate.sh copy
#!/bin/bash

# Define an alias for generating random strings. This needs to be a function in a script.
randstring() {
    openssl rand -base64 69 | tr -d "\n=+/" | cut -c1-$1
}

# Create keys directory
mkdir -p ./keys

# Function to clean up the keys directory
cleanup() {
    rm -rf ./keys
}

# Register the cleanup function to be called on the EXIT signal
trap cleanup EXIT

# Check if Docker is installed
if ! command -v docker &> /dev/null
then
    echo "Docker could not be found. Please install Docker."
    exit 1
fi

# Generate keysets using Docker
docker run --user $(id -u):$(id -g) -v $(pwd)/keys:/hatchet/keys ghcr.io/hatchet-dev/hatchet/hatchet-admin:latest /hatchet/hatchet-admin keyset create-local-keys --key-dir /hatchet/keys

# Read keysets from files
SERVER_ENCRYPTION_MASTER_KEYSET=$(<./keys/master.key)
SERVER_ENCRYPTION_JWT_PRIVATE_KEYSET=$(<./keys/private_ec256.key)
SERVER_ENCRYPTION_JWT_PUBLIC_KEYSET=$(<./keys/public_ec256.key)

# Generate the random strings for SERVER_AUTH_COOKIE_SECRETS
SERVER_AUTH_COOKIE_SECRET1=$(randstring 16)
SERVER_AUTH_COOKIE_SECRET2=$(randstring 16)

# Create the YAML file
cat > hatchet-secret.yaml <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: hatchet-secret
  namespace: hatchet
stringData:
  SERVER_AUTH_COOKIE_SECRETS: "$SERVER_AUTH_COOKIE_SECRET1 $SERVER_AUTH_COOKIE_SECRET2"
  SERVER_ENCRYPTION_MASTER_KEYSET: "$SERVER_ENCRYPTION_MASTER_KEYSET"
  SERVER_ENCRYPTION_JWT_PRIVATE_KEYSET: "$SERVER_ENCRYPTION_JWT_PRIVATE_KEYSET"
  SERVER_ENCRYPTION_JWT_PUBLIC_KEYSET: "$SERVER_ENCRYPTION_JWT_PUBLIC_KEYSET"
EOF
```

### Apply the secret

To apply the secret run:

```sh
kubectl create namespace hatchet
kubectl apply -f hatchet-secret.yaml
```

### Install Hatchet

<Tabs items={['CLI', 'GUI']}>
    <Tabs.Tab>

        ```sh
        glasskube install hatchet
        ```

        Make sure to set the api server and engine replica count to 0 and use the secret name you applied before (`hatchet-secret`).

    </Tabs.Tab>
    <Tabs.Tab>

        ```sh
        glasskube serve
        ```

        You can now install Hatchet via the GUI. Make sure to follow the instructions in the UI.

    </Tabs.Tab>

</Tabs>

### Open Hatchet

<Tabs items={['CLI', 'GUI']}>
    <Tabs.Tab>
        ```sh
        glasskube open hatchet
        ```

    </Tabs.Tab>
    <Tabs.Tab>

       You can simply use the "Open" button in the GUI.

    </Tabs.Tab>

</Tabs>

### Set up your Hatchet account

You can create a new user account by clicking the `Register` button on the Hatchet login screen, and then creating a new account and tenant.

Next, navigate to your settings tab in the Hatchet dashboard. You should see a section called "API Keys". Click "Create API Key", input a name for the key and copy the key. Then copy the following environment variable:

```
HATCHET_CLIENT_TOKEN="<token>"
HATCHET_CLIENT_TLS_STRATEGY=none
```

You will need this in the following example.

### Port forward to the Hatchet engine

```sh
export NAMESPACE=hatchet # TODO: change if you modified the namespace
export POD_NAME=$(kubectl get pods --namespace $NAMESPACE -l "app.kubernetes.io/name=hatchet-engine,app.kubernetes.io/instance=hatchet" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace $NAMESPACE $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
kubectl --namespace $NAMESPACE port-forward $POD_NAME 7070:$CONTAINER_PORT
```

This will spin up the Hatchet engine service on `localhost:7070` which you can then connect to from the examples.

### Generate an API token

To generate an API token, navigate to the `Settings` tab in the Hatchet frontend and click on the `API Tokens` tab. Click the `Generate API Token` button to create a new token. Store this token somewhere safe.

### Run your first worker

Now that you have an API token, see the guide [here](https://docs.hatchet.run/home/setup) for how to run your first task.

</Steps>
